File name: | axentaclr.rar |
Full analysis: | https://app.any.run/tasks/6ac594ba-981d-4569-a0e1-5e48a97b1d88 |
Verdict: | Malicious activity |
Analysis date: | December 19, 2018, 00:20:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | D71C07F791FF92ED6809C13CDFB25B32 |
SHA1: | EA0A768F42A4C3319CB2B192EDB3323753F4B513 |
SHA256: | 186D90A70A2C7D54668BE1095D8E497DFE0DFBCB9AE50F160521DFCF21CAF6E4 |
SSDEEP: | 12288:314Nuv5XQ1FgrZ9q2H8xxVXF9Aop+YN7cwP17unhmm:314Nuv5XwgrZ9q2H8JAop+YN7c01ih |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2828 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\axentaclr.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2752 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.36187\axentaclr.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.36187\axentaclr.exe | WinRAR.exe | |
User: admin Company: TODO: <Company name> Integrity Level: MEDIUM Description: TODO: <File description> Exit code: 0 Version: 1.0.0.1 | ||||
1868 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.37368\axentaclr.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.37368\axentaclr.exe | — | WinRAR.exe |
User: admin Company: TODO: <Company name> Integrity Level: MEDIUM Description: TODO: <File description> Exit code: 0 Version: 1.0.0.1 | ||||
3340 | "C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe" 1 "C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.36187\axentaclr.exe" 1A1ABD | C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe | — | axentaclr.exe |
User: admin Company: TODO: <Company name> Integrity Level: MEDIUM Description: TODO: <File description> Version: 1.0.0.1 | ||||
3464 | "C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe" | C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe | — | axentaclr.exe |
User: admin Company: TODO: <Company name> Integrity Level: MEDIUM Description: TODO: <File description> Version: 1.0.0.1 | ||||
2640 | "C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe" 1 "C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.37368\axentaclr.exe" 1A2210 | C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe | — | axentaclr.exe |
User: admin Company: TODO: <Company name> Integrity Level: MEDIUM Description: TODO: <File description> Version: 1.0.0.1 | ||||
2624 | "C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe" | C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe | — | axentaclr.exe |
User: admin Company: TODO: <Company name> Integrity Level: MEDIUM Description: TODO: <File description> Version: 1.0.0.1 | ||||
1472 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\axentaclr.rar | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2828) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2752 | axentaclr.exe | C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe:ZoneIdentifier | — | |
MD5:— | SHA256:— | |||
1868 | axentaclr.exe | C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe:ZoneIdentifier | — | |
MD5:— | SHA256:— | |||
2828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.37368\version.ini | text | |
MD5:AE3010F5613EEC0DAA4D5A6A9603B5BE | SHA256:9791074FB93172011774A3D82ECDB81FC26EF73875B172D3E536209D5CD0D68D | |||
2828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2828.39135\axentaclr.exe | executable | |
MD5:61B2ADCDBCCE394BA7765B0A84B97201 | SHA256:A3B74E0ACCB7240E7BA84B8D79DCA441FD2F96AE547A31C321DC7FD32CB49205 | |||
2828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.37368\axentaclr.exe | executable | |
MD5:61B2ADCDBCCE394BA7765B0A84B97201 | SHA256:A3B74E0ACCB7240E7BA84B8D79DCA441FD2F96AE547A31C321DC7FD32CB49205 | |||
2828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.36187\version.ini | text | |
MD5:AE3010F5613EEC0DAA4D5A6A9603B5BE | SHA256:9791074FB93172011774A3D82ECDB81FC26EF73875B172D3E536209D5CD0D68D | |||
2828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2828.36187\axentaclr.exe | executable | |
MD5:61B2ADCDBCCE394BA7765B0A84B97201 | SHA256:A3B74E0ACCB7240E7BA84B8D79DCA441FD2F96AE547A31C321DC7FD32CB49205 | |||
2828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2828.39135\xNet.dll | executable | |
MD5:3DF8D87A482EFAD957D83819ADB3020F | SHA256:2AC175B4D44245EE8E7AEE9CC36DF86925EF903D8516F20A2C51D84E35F23DA4 | |||
2752 | axentaclr.exe | C:\Users\admin\AppData\Roaming\windowsprofile\WindowsProfile.exe | executable | |
MD5:61B2ADCDBCCE394BA7765B0A84B97201 | SHA256:A3B74E0ACCB7240E7BA84B8D79DCA441FD2F96AE547A31C321DC7FD32CB49205 | |||
2828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2828.39135\version.ini | text | |
MD5:AE3010F5613EEC0DAA4D5A6A9603B5BE | SHA256:9791074FB93172011774A3D82ECDB81FC26EF73875B172D3E536209D5CD0D68D |